WSJ Twitter account hacked

The Wall Street Journal was just hijacked and used to poke fun at an American security expert.

A Wall Street Journal Twitter account was just caught in the crossfire between the Syrian Electronic Army and a security researcher the hacker group hates.

On Tuesday afternoon, the @WSJD account tweeted a headshot of Ira Winkler, a security expert in Annapolis, Md. The photo was placed on the body of a cockroach.

"@Irawinkler is a cockroach," the account tweeted.

Winkler is the go-to guy when companies get hacked by the Syrian Electronic Army, a ragtag group that defaces news and social media websites.

Last year, the SEA hijacked the Associated Press account and tweeted fake news that the White House had been bombed. CNN's account was used to tweet a photo of the Syrian flag. They also took down the New York Times' website.

The cockroach tweet is part of a skirmish between Winkler and the criminal cyber squad.

Winkler made a presentation to computer security experts at the the RSA cybersecurity conference in February, explaining how the group works and identifying some of its members. Among them: Hatem Deeb in Russia and Mohammed Osman in Turkey. He said both provide the SEA with technical support.

"These people are kind of like the cockroaches of the Internet at the moment," he said at the time. "The attacks are really of little consequence except to spread propaganda."

As revenge, the SEA hacked RSAconference.com and said, "If there is a COCKROACH in the internet it would be definitely you."

Fast-forward to Tuesday, when the @WSJD account was hijacked to call Winkler a cockroach. A few minutes later, the Wall Street Journal acknowledged the incident.

"We are aware some of our Twitter accounts may have been compromised. We are looking into it," the newspaper said on its main Twitter account.

The scary reality of hacking infrastructure

Winkler told CNNMoney this latest attack is another sign the SEA isn't very talented and aims for low-hanging fruit. They usually worm their way into corporate networks using simple spear phishing attacks: sending emails to employees and duping them into giving up their official credentials.

"These guys are imbeciles," he said. "They're a bunch of 20-something, minimally technical people with too much time on their hands and money from the Syrian intelligence services. They're more ants than cockroaches."

Winkler, who's the CEO of security firm Secure Mentem, said he's working closely with law enforcement officials to help hunt down the group's members.